Residential Proxy SDKs Embedded in 34% of LG and Samsung Smart TV Apps Turn TVs into Hidden Traffic Relays
What Happened — Spur Intelligence scanned 6,038 LG webOS and Samsung Tizen apps and found 2,058 (34 %) contain residential‑proxy SDKs. The code routes a user’s home‑network traffic through the TV, monetising the connection while the visible app appears benign.
Why It Matters for Compliance & Audit Readiness
- The hidden proxy bypasses user consent expectations, creating a privacy‑risk scenario that SOC 2 CC 1.2 (Privacy) and GDPR/CCPA obligations are designed to detect and document.
- Continuous‑compliance programs need evidence that all third‑party SDKs are inventoried, consented to, and that data‑flow is mapped – exactly the control set CookiePLUS automates.
Who Is Affected — Consumer‑electronics manufacturers, smart‑TV app developers, and any organisation that relies on home‑network devices for business operations (e.g., remote‑work endpoints).
Recommended Actions —
- Conduct an inventory of all smart‑TV applications in your environment and flag any that embed residential‑proxy SDKs.
- Update privacy notices to require explicit, granular consent for any traffic‑relay functionality.
- Deploy network‑segmentation and continuous monitoring for IoT devices to detect anomalous outbound traffic.
Source: Help Net Security – Residential proxy SDKs are hiding in LG and Samsung smart TV apps
Technical Notes — The SDKs act as a residential proxy, routing HTTP/HTTPS requests through the TV’s IP address. No CVE is cited; the risk stems from the business model and lack of platform‑level policy. The traffic can reach internal resources (router admin panels, NAS, printers) if the proxy is allowed to request private IP ranges. Source: same article